Reusing and Recycling Mobile Assets | Device Reclamation Program

How many of you have old smartphones sitting in a drawer or cabinet at your desk? It would be safe to assume many of you do. The establishment of a robust mobile asset management and recovery solution would almost certainly be worthwhile for most organizations. However, such a solution would also be extremely challenging to implement.

This particular blog post will focus on reusing and recycling mobile assets so we won’t dwell on the asset management portion of the challenge. i.e. Let’s assume that you can successfully link a mobile asset with a phone number and with an employee. That, in and of itself, is no easy task but we’ll save that for a future blog post.

Let’s start by determining the circumstances in which hardware should be recovered:

Employee exit: This scenario would include voluntary exit, non-voluntary exit, or retirement of an employee with a mobile device.

Change in ownership model: This scenario would include the shift from corporate ownership to personal ownership of the mobile device.

Shift in role: This scenario would involve an employee shifting roles which would require an alternate device or no device at all.

Damaged device: This scenario would obviously include a damaged device, but that damage could be in-warranty or out-of-warranty (including water damage).

Irrecoverable device: This scenario is similar to damaged device but would refer to situations where the device cannot be recovered to a productive state. For example, troubleshooting efforts may be exhausted or the device may be locked out due to a forgotten passcode or activation lock.

Project completion: This scenario would be the recovery of hardware after they have served their purpose for specialized projects. This would typically be for specialized deployments like customer or patient-facing applications or for re-imaging after being deployed for a specific purpose.

The robust operations of a device reclamation program would start with automated procedures and communication to prompt users or managers to return devices to the centralized facility for processing. Once again, we are assuming we have solved the significant challenge of associating the device to be returned with the appropriate user and manager. Automation is important here to ensure auditability of the device from initiation of the process to the final action related to the device (including the possibility of identifying the device as lost/stolen). The automation is also essential to allow for process-driven escalation of the communication. For example, let’s assume a user is upgrading their existing device and the system/solution has identified that their old device should be returned. The communication procedure could proceed as follows:

Upon upgrade, the end-user receives an email which includes a warning that they will have to return their old device and a link for return instructions.

3 weeks after the new device has been sent, an automated email goes to the end-user with a reminder and instructions.

4 weeks after the new device has been sent, another automated email but with the direct manager copied.

5 weeks after the new device has been sent, another automated email with the direct manager, the director, and the mobility program lead.

The return procedure could take place in any number of ways. The return instructions to an individual user could include a shipping label to allow for a direct shipment of their individual device. However, this could get costly due to the quantities. For most return scenarios outlined above, there is no urgency for the return shipment. If there is no urgency, a more common procedure would be to send or drop-off the device to a staging location or locations within the organization. From there, devices can be shipped in bulk.

Upon arrival of the returned device at the reclamation facility, a precise workflow should be followed, and those tasks should be captured in the associated IT service management (ITSM) ticket for that specific return. Here are activities that may be executed along with some details for each:

Capture of device details

Common information would include date of device receipt, device serial numbers, make, model, memory, quality (see below), and ultimately the action taken with the device. Additional accessories and pieces of hardware should be included in the information captured as well such as cases, SIM cards, and especially media cards.

Completion of a Visual-Mechanism Inspection (VMI) and/or on device diagnostic

This will be important step to determine the subsequent procedure to take. In case the device is of high quality, it may be slated for entry to the spare pool or for resale. In case of damage, this activity will be important for the repair vendor to confirm if the device can be repaired or is covered under warranty.

Removal of the device from vendor systems and wiping of data

Examples of applicable vendor systems would be Apple Device Enrollment Program (DEP), Samsung Knox Mobile Enrollment (KME). This is an essential step for two reasons. First, in case the device is resold, this will prevent the device from automatically attempting to enroll in the corporate Enterprise Mobility Management (EMM) solution. Second, in case the device is resold, this will allow the device to subsequently operate upon factory reset. Performing a wipe or factory reset is also an important step. In some cases, a more detailed scrubbing procedure may be required by some organizations.

Submit device for repair

Obviously for warranty replacement devices, a repair or replacement exercise will take place. Typically, when it comes to the end-user, organizations will replace a damaged device with a spare pool device, regardless of warranty coverage, in order to minimize downtime. Therefore, when the repaired or replacement device is received, it would be added to the spare pool inventory rather than being returned to the end-user. For non-warranty replacement, a cost threshold would typically be identified to confirm if a repair is worthwhile. This exercise should also take into account shipping costs. In this workflow, it would be important to not close the ITSM ticket until the device has been returned or replaced.

Add device to spare pool inventory

Given a well thought-out asset management and device reclamation program, many devices will begin to get returned that are perfectly operational, typically from the employee exit scenario. Upon capturing device details and the completion of VMI, it would typically be suggested that the device be added to the spare pool inventory for future use cases. Maintaining a healthy spare pool could significantly lower costs for hardware as out-of-contract hardware purchases could largely be avoided. However, it is important to not maintain too much inventory in the spare pool as a device refresh may be upcoming and excessive inventory would largely be wasted at that time. Therefore, if the spare pool inventory is exceeded, the resale of returned hardware would be recommended.

Submit device for resale

There is a very healthy market in the industry for the resale of old mobility hardware. An agreement should be put in place with a resale vendor. Returned devices that are not ultimately destined for the spare pool should typically be slated for resale, assuming that they are of sufficient quality. It would be reasonable to assume that a well thought-out asset management and device reclamation program will be cost effective, even when taking into account the cost of the program and shipping costs.

Submit device for destruction

Most resale vendors will also destroy and recycle devices that are not deemed to have value. Some reimbursement from the precious metals can be expected as part of this exercise but this is typically minimal. The determination of a device being slated for destruction or resale will be based on a combination of the make/model of the device and the quality, both of which can be documented and assessed upon receipt of the device at the reclamation facility.

Submit device for forensics

This would be a specialized destination for returned hardware. There may be circumstances in which corporate and insider threat investigations are required. This would include activities such as employee misconduct, IP theft, fraud, data exfiltration, and root cause analysis. Highly specialized vendors do exist to cover this circumstance and this can be deemed as applicable depending on the returned device circumstances, escalations from corporate security, or even the user segment where the device originated.

Submit device for legal hold

Similar to forensics, the requirement for legal hold would be a specialized destination for returned hardware. Although in this case, the requirement is not for the hardware, but the underlying data. If a legal hold is required, the data on the device can be backed up in a recoverable and secure state allowing for the hardware to be processed as per the above circumstances. Vox Mobile has encountered scenarios in which an organization required infinite legal hold on devices resulting in an ever increasing stockpile of hardware. In such a case, a process of secure data extraction and storage would be recommended.

There is extraordinary additional details and tasks involved in each of the activities captured above. Certainly not all extreme use-cases must be put in place and the implementation of such a program can be phased. However, the complete lack of such a program is not recommended given the potential benefit from a financial, security, and productivity perspective. If there are further questions related to this topic, please contact us.

Subscribe to Keep Up

Email*

*

I agree to receive blog updates from Vox Mobile. Vox Mobile guarantees 100% privacy, your information will not be shared. You may unsubscribe at any time.